November 27th Newsletter Content [Original Newsletter]
Subject: IPMeter- Nov 27, IoT reliability & Security, IoT Device Tracking, Australia, Medical IoT Risks, HotW
How to connect IOT for business with reliability, security
Harnessing the true power of IOT and ensuring its effectiveness and security call for a deep understanding of IOT devices and network best practices.
Track Down Internet of Things Devices to Enhance Network Visibility
Agencies that don’t know what’s on their network can’t fully protect it, but there are tools to uncover unnoticed devices.
Australia’s cybersecurity strategy focuses on protecting small businesses and critical infrastructure
The Australian federal government has released the 2023-2030 Australian Cyber Security Strategy with a focus on protecting the country’s most vulnerable citizens and businesses. At first glance, the strategy covers a lot of ground, and the government will need to work hard and fast to ensure some of all the actions proposed are put in place before the next big breach.
Addressing cybersecurity risks in medical devices
While cybersecurity of any category of IoT devices is important (consider that the famous Mirai botnet attack used numerous consumer security cameras), the cybersecurity of devices within the internet of medical things (IoMT) is particularly important for several reasons.
Hack of the Week (HOT-W)
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability
(Several agencies) are releasing this joint Cybersecurity Advisory (CSA) to disseminate IOCs, TTPs, and detection methods associated with LockBit 3.0 ransomware exploiting CVE-2023-4966, labeled Citrix Bleed, affecting Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.
November 16th Newsletter Content [Original Newsletter]
Subject: IPMeter- Nov 16, IoT Threats, Edge Security, Regulatory Pressures, Mozi, SESIP embraced by EU
More connected, less secure: Addressing IoT and OT threats to the enterprise
A forward-thinking zero trust strategy is necessary to securely manage IoT and OT devices at scale. Effectively protecting networks begins with an honest look at connectivity.
Demystifying edge security
The internet of things (IoT) has opened up a new frontier in the digital landscape, merging the physical and digital worlds through an ever-growing range of smart devices. Yet, as the network expands from smart homes to industrial setups, one looming issue remains—security.
The Regulatory Landscape for IoT: Navigating the Complexities of a Connected World
This article explores the evolving regulatory landscape for IoT, addressing the need for standards, privacy concerns, security risks, international coordination, and the path forward.
Mozi IoT Botnet: Kill Switch Halts Operations
In a surprising turn of events, the Mozi botnet experienced a sudden and significant drop in malicious activities in August 2023. This unexpected decline was attributed to the deployment of a “kill switch” that was effectively distributed to the infected bots.
SESIP embraced as European IoT security evaluation standard
GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) has been embraced as the foundation for a European Standard (EN).
This milestone decision aims to streamline the IoT ecosystem’s approach to regulatory challenges and facilitate a comprehensive understanding, deployment, and explanation of security measures.
2023 IoT/Connected Products Award Winners Unveiled at Total Tech Summit in Las Vegas
LAS VEGAS – Editorial leaders from SSI and sister publications CE Pro and Commercial Integrator today revealed the 12 winners of the 2023 IoT/Connected Product Awards at the 2023 Total Tech Summit.
November 9th Newsletter Content [Original Newsletter]
Subject: IPMeter- Nov 9, IoT Malware, Establishing Trust, CVSS 4.0 Standards, Hack of the Week
IoT Malware Attacks Jump 400% Since 2022, Report
(Scarlett Evans writes) Manufacturing was the primary target for malware attacks over the past year, though all industries adopting connected devices are at risk.
Here’s what the IoT industry needs to learn about trust
The article contrasts IoT with the traditional banking industry, where the security and regulatory components are largely visible and interactive, and discusses how IoT should adopt these controls (updated for IoT) to instill confidence.
AI, memory safety are real threats to IoT security
Memory safety is one of the big things that will impact IoT security, and (our) latest report shows 76% of consumer IoT companies could fall foul of impending security regulations around the world.
(Tip) Factors to consider when securing industrial IoT networks
Industrial IoT networks differ from enterprise data networks. Keeping them safe requires a security strategy that's specifically crafted for legacy and new devices and sensors.
Common Vulnerability Scoring System version 4.0: Specification Document
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. CVSS consists of four metric groups: Base, Threat, Environmental, and Supplemental.
Hack of the Week (HOT-W)
CVE-2023-40044 Detail (CVSS Score 8.8)
In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.
November 1st Newsletter Content [Original Newsletter]
Subject: IPMeter- Nov 1, News of the Day, NIST Vision for IoT Devices, Hack of the Week
SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures
It took a while for the SEC to collect its hammer and issue its complaint against SolarWinds. The complaint alleges SolarWinds defrauded investors by overstating SolarWinds' cybersecurity practices and understating or failing to disclose known risks.
Trusted IoT Onboarding: An Introduction to Draft NIST SP 1800-36
NIST is making gradual progress towards solving a significant problem in the IoT arena. How do you onboard the billions of new devices in a way that is efficient and secure? Importantly, how do you onboard these devices while protecting both the device and the network?
NIST published Special Publication 1800-36B this week and held a public seminar to discuss its direction.
OT cyber attacks proliferating despite growing cybersecurity spend
The security landscape has changed to now include nation-state actors as well as profit-driven cyber threats. A zero-trust security model should be part of the security plan.
What cybersecurity standards will products in the EU soon have to meet?
It is worth looking closely at the EU standards as we do not see any reason why this wouldn't be copied as a US consumer standard.
Internet of Things (IoT) Security: Challenges and Best Practices
The modern IoT landscape
Why does IoT security matter?
5 most common IoT security challenges
Best practices for ensuring the security of IoT systems
CISA, HHS Release Collaborative Cybersecurity Healthcare Toolkit
The toolkit utilizes some of the sector-specific work done by others, but places all the tools in one place. A good read for those who work with and are responsible for Hospital IT security.
Hack of the Week
Weintek cMT3000 HMI Web CGI (Multiple Vulnerabilities)
CVSS Score: 9.8
Vulnerabilities: Stack-based Buffer Overflow, OS Command Injection
Successful exploitation of these vulnerabilities could allow an attacker to hijack control flow and bypass login authentication or execute arbitrary commands.
October 23rd Newsletter Content [Original Newsletter]
Subject: IPMeter- Oct 23 Guns, Cars and Cybersecurity, News of the Day, Hack of the Week
Imron's Security Conference
In a world of conferences that blend rubber chicken lunches with single-hop Southwest tickets, Imron's Security Summit at the Marconi Automotive Museum was superbly different. Most conferences leave you feeling like you've walked into a building-sized cubicle from 1984, while Imron Corporation offered the latest in security practices against one of the very best visual backdrops for automotive buffs and appreciators alike.
The keynote speaker was Katherine Schweit, who wrote the FBI’s Active Shooter response strategies. As security professionals with varied backgrounds, this was a rare opportunity to pause and reflect on our own security postures and how they might relate to many diverse disciplines. Those of us in cybersecurity have similar issues such as involvement of non-participants, bogus data, and response-focused solutions. Here's what I took away from this conference:
Active Shooter Response: Plan Ahead, Don't Wait for an Event. Just as planning is crucial for IoT security, the same principle applies to active shooter response. Imron's conference reinforced the idea that preparedness is key – don't wait for a crisis to strike. CYBERSECURITY TAKEAWAY: it means that vulnerability reports need to include proactive information for our clients.
Security Isn't an Island: It Takes a Village. The event emphasized the importance of including non-security participants in our security plans. The least important people in a cyber plan are the cyber experts. In Operations Technology, it's imperative that plant and facilities personnel’s experience is included in cybersecurity work product.
Active Shooters: It doesn’t just happen at schools. According to FBI research, active shooter events are actually more likely to happen in the workplace and to involve a current or former employee. Just like in cybersecurity, it's not always kids or someone in a foreign land; sometimes it's an inside job. Quantify your risk for your environment.
Video Games Aren't the Culprit: And here's a shocker – the FBI noted that active shooters aren't correlated with video game usage. It's a reminder that stereotypes and assumptions don't always hold true.
Car Nerd: The Shelby Daytona and a Gen2 Dodge Viper appear to share the same A-pillar. If it works, don’t change it.
More Car Nerd: Nigel Mansell's F1 ride had tires mounted on 13-inch wheels and giant series tires. That car set a lap record that stood for two decades. Takeaway: Low Profile donuts do not always reduce lap times.
Even More Car Nerd: I look particularly good next to a Gull-wing Mercedes.
201+40 = $1,000,000
(Embedded.com) Ensuring security legislation compliance in IoT applications
Michael Fuhrmann distills Code of practice for Consumer IoT into 13 essential elements to ensure compliance with both (Customer and Organization) security requirements as well as current and upcoming legislative edicts.
(Globenewswire.com) Global Healthcare Internet of Things (IoT) Security Market Size to Reach USD 12.07 Billion in 2032 | Emergen Research
[Paywall] (According to Emergen Research) The Global Healthcare Internet of Things (IoT) Security Market size is expected to reach USD 12.07 Billion at a steady revenue CAGR of 21.6% in 2032, according to latest analysis by Emergen Research. Surge in ransomware attacks on healthcare IoT devices and rising concerns regarding threats to security of information and data in the healthcare sector are some key factors driving market revenue growth.
(Helpnetsecurity.com) Inadequate IoT protection can be a costly mistake
97% of organizations are struggling to secure their IoT and connected products to some degree, according to Keyfactor.
(EC-Council) IoT Security: Safeguarding Critical Networks Against Digital Assaults
This [posting] aims to explore the significance of IoT security while briefly covering a few of the significant concerns that threaten data security in these networks. Furthermore, we provide insights into safeguarding critical networks against digital assaults.
(Darkreading.com) 5 Ways Hospitals Can Help Improve Their IoT Security
(Xu Zou and Tapan Mehta of Palo Alto Networks write) Connected medical devices have revolutionized patient care and experience. However, the use of these devices to handle clinical and operational tasks has made them a target for attackers looking to profit off of valuable patient data and disrupted operations… it found that 75% of them had at least one vulnerability or security alert.
Hack of the Week
(medium.com) Cisco CVE-2023-20198 Vulnerability
The recent discovery of CVE-2023-20198 has put the cybersecurity community on high alert. This critical vulnerability, identified within Cisco’s IOS XE software … This vulnerability is especially concerning as it allows remote, unauthenticated attackers to create accounts with high-level privileges on the affected systems, thus gaining control over them. … The Common Vulnerability Scoring System (CVSS) has rated this flaw a 10.0, the maximum severity score.
October 12th Newsletter Content [Original Newsletter]
Subject: IoT Security Newsletter from IPMeter- Oct 12 *New CISA Doc*, News of the Day, Hack of the Week
Come See Us @ Marconi Auto Museum
Join us on Oct 19th at IMRON’s Security Summit in Tustin, CA. Contact our team at firstname.lastname@example.org to discuss complimentary tickets.
Survey: 97% face challenges securing IoT & connected devices
Key findings related to IoT security challenges
20% growth of IoT devices over last three years.
IT Professionals lack confidence in IoT device security, and improvements are needed.
IoT Security budgets increasing, but not keeping pace with needs.
Organizations and manufacturers split on who is responsible for IoT security.
Organizations Struggle With IoT Security
Report Shows Majority Organizations Struggle With IoT Security
EU, US, and Now NATO: Big Changes in IoT Cybersecurity
Here’s why IoT cybersecurity is undergoing a renaissance.
CISA OpenSource FactSheet Published
CISA, Government, and Industry Partners Publish Fact Sheet for Organizations Using Open Source Software
Hack of the Week
Vulnerabilities found in ConnectedIO’s ER2000 edge routers and cloud-based management platform